1 #ifndef __NTOSKRNL_INCLUDE_INTERNAL_SE_H
2 #define __NTOSKRNL_INCLUDE_INTERNAL_SE_H
/* Object type for token objects (going by the name; defined elsewhere). */
extern POBJECT_TYPE SepTokenObjectType;

/*
 * SID identifier authorities. Declared here only; their values and where
 * they are initialised are not visible in this header.
 */
extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority;
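/*
 * Pointers to the SIDs shared across the security subsystem. These are
 * pointers, so each one is only usable once whatever initialises it has run
 * (presumably SepInitSecurityIDs -- confirm).
 *
 * NOTE(review): SeAuthenticatedUserSid / SeAuthenticatedUsersSid and
 * SeRestrictedCodeSid / SeRestrictedSid differ only slightly in name.
 * Confirm that both members of each pair are defined and initialised and
 * that callers use the one they intend: comparing against a SID pointer
 * that was never set up would not match the intended principal.
 */

/* Universal, local and creator SIDs */
extern PSID SeNullSid;
extern PSID SeWorldSid;
extern PSID SeLocalSid;
extern PSID SeCreatorOwnerSid;
extern PSID SeCreatorGroupSid;
extern PSID SeCreatorOwnerServerSid;
extern PSID SeCreatorGroupServerSid;

/* NT authority SIDs */
extern PSID SeNtAuthoritySid;
extern PSID SeDialupSid;
extern PSID SeNetworkSid;
extern PSID SeBatchSid;
extern PSID SeInteractiveSid;
extern PSID SeServiceSid;
extern PSID SeAnonymousLogonSid;
extern PSID SePrincipalSelfSid;
extern PSID SeLocalSystemSid;
extern PSID SeAuthenticatedUserSid;
extern PSID SeRestrictedCodeSid;

/* Alias (built-in group) SIDs */
extern PSID SeAliasAdminsSid;
extern PSID SeAliasUsersSid;
extern PSID SeAliasGuestsSid;
extern PSID SeAliasPowerUsersSid;
extern PSID SeAliasAccountOpsSid;
extern PSID SeAliasSystemOpsSid;
extern PSID SeAliasPrintOpsSid;
extern PSID SeAliasBackupOpsSid;

/*
 * Second batch of NT authority names. SeAnonymousLogonSid was declared a
 * second time here; the redundant declaration has been dropped.
 */
extern PSID SeAuthenticatedUsersSid;
extern PSID SeRestrictedSid;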
/*
 * LUIDs naming the individual privileges. Where the values are assigned is
 * not visible in this header (presumably SepInitPrivileges -- confirm).
 *
 * In the NT privilege model several of these (for example
 * SeCreateTokenPrivilege, SeTcbPrivilege, SeDebugPrivilege and
 * SeLoadDriverPrivilege) give their holder very broad control of the
 * system, so code paths that test for them deserve particular care in
 * review.
 */
extern LUID SeCreateTokenPrivilege;
extern LUID SeAssignPrimaryTokenPrivilege;
extern LUID SeLockMemoryPrivilege;
extern LUID SeIncreaseQuotaPrivilege;
extern LUID SeUnsolicitedInputPrivilege;
extern LUID SeTcbPrivilege;
extern LUID SeSecurityPrivilege;
extern LUID SeTakeOwnershipPrivilege;
extern LUID SeLoadDriverPrivilege;
extern LUID SeCreatePagefilePrivilege;
extern LUID SeIncreaseBasePriorityPrivilege;
extern LUID SeSystemProfilePrivilege;
extern LUID SeSystemtimePrivilege;
extern LUID SeProfileSingleProcessPrivilege;
extern LUID SeCreatePermanentPrivilege;
extern LUID SeBackupPrivilege;
extern LUID SeRestorePrivilege;
extern LUID SeShutdownPrivilege;
extern LUID SeDebugPrivilege;
extern LUID SeAuditPrivilege;
extern LUID SeSystemEnvironmentPrivilege;
extern LUID SeChangeNotifyPrivilege;
extern LUID SeRemoteShutdownPrivilege;
extern LUID SeUndockPrivilege;
extern LUID SeSyncAgentPrivilege;
extern LUID SeEnableDelegationPrivilege;
/*
 * Shared default DACLs.
 * NOTE(review): the ACEs each of these grants are not visible in this
 * header. Any object protected with one of them gets exactly what that ACL
 * allows, so confirm the contents where they are built (presumably
 * SepInitDACLs) before reusing one for a new object type.
 */
extern PACL SePublicDefaultUnrestrictedDacl;
extern PACL SePublicOpenDacl;
extern PACL SePublicOpenUnrestrictedDacl;
extern PACL SeUnrestrictedDacl;

/*
 * Shared default security descriptors. The names parallel the DACLs above;
 * which DACL each descriptor carries is not shown here (presumably set up
 * by SepInitSDs -- confirm).
 */
extern PSECURITY_DESCRIPTOR SePublicDefaultSd;
extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SePublicOpenSd;
extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
/*
 * Initialisation entry points of the security subsystem.
 *
 * The BOOLEAN routines hand a result back to the caller; the VOID routines
 * have no way to report failure through their return value.
 * NOTE(review): what TRUE/FALSE mean and the required call order are not
 * visible in this header -- confirm against the implementations, and make
 * sure callers do not ignore the BOOLEAN results, since the globals declared
 * in this header are only meaningful after their initialiser has succeeded.
 */
BOOLEAN SeInit1(VOID);
BOOLEAN SeInit2(VOID);
BOOLEAN SeInitSRM(VOID);

VOID SepInitLuid(VOID);
VOID SepInitPrivileges(VOID);
BOOLEAN SepInitSecurityIDs(VOID);
BOOLEAN SepInitDACLs(VOID);
BOOLEAN SepInitSDs(VOID);

/* Takes the process whose primary token is to be de-assigned (by name). */
VOID SeDeassignPrimaryToken(struct _EPROCESS *Process);
/*
 * NOTE(review): only the first parameter of SepCreateImpersonationTokenDacl
 * is visible in this listing; its return type and remaining parameters are
 * not shown here.
 */
102 SepCreateImpersonationTokenDacl(PTOKEN Token
,
/* Token implementation set-up; takes no arguments and returns nothing. */
VOID SepInitializeTokenImplementation(VOID);

/* Returns a PTOKEN; going by the name, the token for the system process. */
PTOKEN STDCALL SepCreateSystemProcessToken(VOID);

/*
 * Swaps the primary token of Process for NewToken and reports the outcome
 * as an NTSTATUS.
 * NOTE(review): OldTokenP presumably receives the token that was replaced;
 * who owns that reference afterwards is not visible here -- confirm, since
 * a dropped or doubly released token reference is a lifetime bug.
 */
NTSTATUS SeExchangePrimaryToken(struct _EPROCESS *Process,
                                PACCESS_TOKEN NewToken,
                                PACCESS_TOKEN *OldTokenP);
/*
 * NOTE(review): this prototype is shown incompletely in the listing (no
 * return type, and some parameter lines and the closing parenthesis are
 * missing).
 * Visible inputs are a source array (Src), its element count
 * (PrivilegeCount), the caller's processor mode (PreviousMode) and an
 * optional preallocated buffer (AllocatedMem / AllocatedLength); Dest is an
 * output pointer.
 * Presumably Src and PrivilegeCount may originate from a user-mode caller
 * when PreviousMode says so -- confirm that the implementation bounds
 * PrivilegeCount and guards the count * element-size computation before
 * copying.
 */
115 SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src
,
116 ULONG PrivilegeCount
,
117 KPROCESSOR_MODE PreviousMode
,
118 PLUID_AND_ATTRIBUTES AllocatedMem
,
119 ULONG AllocatedLength
,
122 PLUID_AND_ATTRIBUTES
* Dest
,
/*
 * NOTE(review): also shown incompletely. Takes the array to release and the
 * same PreviousMode kind of argument as the capture routine above; further
 * parameters are not visible here.
 */
126 SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege
,
127 KPROCESSOR_MODE PreviousMode
,
/*
 * NOTE(review): the return-type line of this prototype is not visible in
 * the listing.
 * Checks the PrivilegeCount entries of Privileges against Token;
 * PrivilegeControl and PreviousMode are passed through from the caller.
 * How PrivilegeControl selects between "all" and "any" semantics is not
 * shown here -- confirm against the implementation.
 */
131 SepPrivilegeCheck(PTOKEN Token
,
132 PLUID_AND_ATTRIBUTES Privileges
,
133 ULONG PrivilegeCount
,
134 ULONG PrivilegeControl
,
135 KPROCESSOR_MODE PreviousMode
);
/*
 * NOTE(review): the return-type line of this prototype is not visible in
 * the listing.
 * Duplicates Token into *NewAccessToken. The caller chooses the new token's
 * type (TokenType) and impersonation level (Level); EffectiveOnly is a
 * BOOLEAN option whose exact effect is not shown here. Confirm that callers
 * cannot obtain a token with a higher impersonation level than the source
 * token permits.
 */
139 SepDuplicateToken(PTOKEN Token
,
140 POBJECT_ATTRIBUTES ObjectAttributes
,
141 BOOLEAN EffectiveOnly
,
142 TOKEN_TYPE TokenType
,
143 SECURITY_IMPERSONATION_LEVEL Level
,
144 KPROCESSOR_MODE PreviousMode
,
145 PTOKEN
* NewAccessToken
);
/*
 * Capture / release pairs for security quality of service, SIDs and ACLs.
 *
 * NOTE(review): the return-type lines of these prototypes are not visible
 * in the listing.
 *
 * Each Capture routine takes the caller's input, the AccessMode it came
 * from, a pool type and a CaptureIfKernel flag, and returns a captured
 * pointer through an OUT parameter. Each matching Release routine takes the
 * captured pointer plus the same AccessMode and CaptureIfKernel arguments.
 *
 * Presumably the capture step copies caller-supplied data into kernel pool
 * (after validation when AccessMode is user mode) so that later checks act
 * on a stable copy rather than on memory the caller can still change --
 * confirm against the implementations. Callers should pass the same
 * AccessMode and CaptureIfKernel values to Release that they passed to
 * Capture, otherwise the release side may free a pointer that was never
 * allocated or leak one that was.
 */
148 SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
149 IN KPROCESSOR_MODE AccessMode
,
150 IN POOL_TYPE PoolType
,
151 IN BOOLEAN CaptureIfKernel
,
152 OUT PSECURITY_QUALITY_OF_SERVICE
*CapturedSecurityQualityOfService
,
153 OUT PBOOLEAN Present
);
156 SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL
,
157 IN KPROCESSOR_MODE AccessMode
,
158 IN BOOLEAN CaptureIfKernel
);
161 SepCaptureSid(IN PSID InputSid
,
162 IN KPROCESSOR_MODE AccessMode
,
163 IN POOL_TYPE PoolType
,
164 IN BOOLEAN CaptureIfKernel
,
165 OUT PSID
*CapturedSid
);
168 SepReleaseSid(IN PSID CapturedSid
,
169 IN KPROCESSOR_MODE AccessMode
,
170 IN BOOLEAN CaptureIfKernel
);
173 SepCaptureAcl(IN PACL InputAcl
,
174 IN KPROCESSOR_MODE AccessMode
,
175 IN POOL_TYPE PoolType
,
176 IN BOOLEAN CaptureIfKernel
,
177 OUT PACL
*CapturedAcl
);
180 SepReleaseAcl(IN PACL CapturedAcl
,
181 IN KPROCESSOR_MODE AccessMode
,
182 IN BOOLEAN CaptureIfKernel
);
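/*
 * Token lock helpers.
 *
 * Each acquire enters a critical region (normal kernel APC delivery is held
 * off) before taking the token's resource, so the thread cannot be
 * suspended while it owns the lock; SepReleaseTokenLock undoes both steps
 * in the reverse order. The TRUE argument asks the acquire to wait until
 * the resource is available.
 *
 * Every acquire must be matched by exactly one SepReleaseTokenLock on every
 * path out of the locked region, error paths included; a missed release
 * leaves the token locked and the thread inside the critical region.
 *
 * The bodies are wrapped in do { } while (0) so that each macro expands to a
 * single statement (safe under an unbraced if/else), and Token is
 * parenthesised before the cast so that an expression argument is cast as a
 * whole. Use them as statements: SepAcquireTokenLockShared(Token);
 */
#define SepAcquireTokenLockExclusive(Token)                                   \
    do {                                                                      \
        KeEnterCriticalRegion();                                              \
        ExAcquireResourceExclusive(((PTOKEN)(Token))->TokenLock, TRUE);       \
    } while (0)

#define SepAcquireTokenLockShared(Token)                                      \
    do {                                                                      \
        KeEnterCriticalRegion();                                              \
        ExAcquireResourceShared(((PTOKEN)(Token))->TokenLock, TRUE);          \
    } while (0)

#define SepReleaseTokenLock(Token)                                            \
    do {                                                                      \
        ExReleaseResource(((PTOKEN)(Token))->TokenLock);                      \
        KeLeaveCriticalRegion();                                              \
    } while (0)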
202 #endif /* __NTOSKRNL_INCLUDE_INTERNAL_SE_H */